Hi!
I can not make SSO with crowd working. I have set up SSO, as desribed in the articles for Jira and Confluence, but can not make it work.
If I log in to Jira with a Crowd User and then change to Confluence I have to log in again.
I have checked the cookies. The Crowd Cookie seems to be there, like you can see here:
This cookie somehow seems to be ignored on my Jira, Confluence and crowd.
The urls I have set up for Jira, Confluence and Crowd are:
https://jira.braunstein-web.com/
https://confluence.braunstein-web.com/
https://crowd.braunstein-web.com:8096/crowd/
So they all are sharing the braunstein-web.com domain.
The crowd directory for Jira and Confluence is set up correctly with the above url and is working. Just Single Sign On does not work.
The username I use is "armin". This user is inside the groups "jira-administrators", "jira-users", "confluence-administrators", "confluence-users", "crowd-administrators".
On Jira I am using the SSOSeraphAuthenticator, on Confluence the ConfluenceCrowdSSOAuthenticator.
I also tried to switch off the "Require consistent client IP address", but also did not help.
Please find the debugging log of crowd here:
Please accept our apologies for not reacting earlier on your request.
As I understand you problem is that you have:
set in the same domain.
All of them have the same user directories configured in Crowd (so Jira and Confluence have same ldap or internal directories in the same order configured inside Crowd application).
You have configured seraph.xml files in both Jira and Confluence to use SSO authentication with Crowd (also the crowd.properties files in those applications properly points to Crowd).
When you log in to Jira and then navigate to Confluence you need to login again as the session is not automatically authenticated.
The crowd.token_key cookie is properly set on that domain.
Is that a fair summary of your issue?
I had a look at your log file, and it looks like there are errors indicating that password did not match. Would it be possible that the directories are not configured in different order for those applications?
In order to investigate this issue further please provide har file of you trying to login to those applications and support zips of all applications in your setup (those will include log files)
If possible I would suggest opening a support case, so that we could exchange files easily not exposing any sensitive data if that is not possible due to licensing restrictions please send us those files at mkempa@atlassian.com and we will try to help you with that.
Best Regards,
Marcin Kempa
@Armin Cheng I am sorry for my late reply but we must have missed your post earlier. Is this problem still occurring?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Marek! Yes, I still was not able to solve the problem.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ok thanks @Armin Cheng for your quick answer. I wanted also to thank you for buying Crowd and let you know that we are working on improvements of SSO. The current functionality of course should work for you properly so we will look into that and let you know.
@Marcin Kempa can you please advice something here?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
If that is how Atlassian is caring about issues of customers, then I maybe better should not use Jira if my company grows bigger..
I bought crowd actually only for having SSO, and now I can not use it, even, at least it seems, the configuration is done correctly.
I know it's only the "community support", but in the community support description it's written, that, if no answer comes from the community, Atlassian members will care about. But so far no reaction from Atlassian. The bigger licenses would really cost not so less money, that makes a bit worry if it will be also like that, if I need a higher license..
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Is there really no possible solution for this?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.